bea.com | products | dev2dev | support | askBEA |
|
e-docs > WebLogic Server > Using Web Server Plug-Ins WithWebLogic Server > Installing and Configuring the Apache HTTP Server Plug-In |
Using Web Server Plug-Ins WithWebLogic Server |
Installing and Configuring the Apache HTTP Server Plug-In
The following sections describe how to install and configure the Apache HTTP Server Plug-In:
Overview of the Apache HTTP Server Plug-In
The Apache HTTP Server Plug-In allows requests to be proxied from an Apache HTTP Server to WebLogic Server. The plug-in enhances an Apache installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.
The plug-in is intended for use in an environment where an Apache Server serves static pages, and another part of the document tree (dynamic pages best generated by HTTP Servlets or JavaServer Pages) is delegated to WebLogic Server, which may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to WebLogic Server still appear to be coming from the same source.
HTTP-tunneling, a technique which allows HTTP requests and responses access through a company's firewall, can also operate through the plug-in, providing non-browser clients access to WebLogic Server services.
The Apache HTTP Server Plug-In operates as an Apache module within an Apache HTTP Server. An Apache module is loaded by Apache Server at startup, and then certain HTTP requests are delegated to it. Apache modules are similar to HTTP servlets, except that an Apache module is written in code native to the platform.
Keep-Alive Connections in Apache Version 1.3.x
Version 1.3.x of the Apache HTTP Server Plug-In creates a socket for each request and closes the socket after reading the response. Because Apache HTTP Server is multiprocessed, connection pooling and keep-alive connections between WebLogic Server and the Apache HTTP Server Plug-In cannot be supported.
Keep-Alive Connections in Apache Version 2.0
Version 2.0 of the Apache HTTP Server Plug-In improves performance by using a reusable pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by reusing the same connection in the pool for subsequent requests from the same client. If the connection is inactive for more than 30 seconds, (or a user-defined amount of time) the connection is closed and returned to the pool. You can disable this feature if desired. For more information, see "KeepAliveEnabled".
The plug-in proxies requests to WebLogic Server based on a configuration that you specify. You can proxy requests based on the URL of the request (or a portion of the URL). This is called proxying by path. You can alsoproxy requests based on the MIME type of the requested file. Or you can use a combination of both methods. If a request matches both criteria, the request is proxied by path. You can also specify additional parameters for each type of request that define additional behavior of the plug-in. For more information, see Configuring the Apache HTTP Server Plug-In.
The Apache HTTP Server Plug-In is supported on Linux, Solaris, and HPUX11 platforms. For information on support for specific versions of Apache, see the BEA WebLogic Server Certifications Page at http://download.oracle.com/docs/cd/E13222_01/wls/platforms/index.html#apach.
Installing the Apache HTTP Server Plug-In
You install the Apache HTTP Server Plug-In as an Apache module in your Apache HTTP Server installation. The module is installed either as a Dynamic Shared Object (DSO) or as a statically linked module. (Installation as a statically linked module is only available for Apache version 1.3.x). There are separate instructions in this section for DSO and statically linked module installation.
Installing the Apache HTTP Server Plug-In as a Dynamic Shared Object
To install the Apache HTTP Server Plug-In as a dynamic shared object:
The Apache plug-in is distributed as a shared object (.so) for use on Solaris, Linux, and HPUX11 platforms. Each shared object file is distributed as a separate version, depending on the platform, whether or not SSL is to be used between the client and Apache, and the encryption strength for SSL (regular or 128 bit— 128 bit versions are only installed if you install the 128 bit version of WebLogic Server). The shared object files are located in the following directories of your WebLogic Server installation:
The Apache HTTP Server Plug-In will be installed in your Apache HTTP Server installation as an Apache Dynamic Shared Object (DSO). DSO support in Apache is based on a module named mod_so.c that must be enabled before mod_wl.so is loaded. If you installed Apache using the supplied script, mod_so.c should already be enabled. To verify that mod_so.c is enabled, execute one of the following commands:
For Apache 1.x, APACHE_HOME\bin\httpd -l
For Apache 2.x, APACHE_HOME\bin\Apache -l
(Where APACHE_HOME is the directory containing your Apache HTTP Server installation.)
This command lists all of the enabled modules. If mod_so.c is not listed, build your Apache HTTP Server from the source code, making sure that the following options are configured:
AddModule mod_so.c
For Apache 2.x, copy the mod_wl_20.so file to the APACHE_HOME\modules directory rather than running apxs. For more information, see the Apache HTTP Server Version 2.0 documentation.
perl APACHE_HOME\bin\apxs -i -a -n weblogic mod_wl.so
This command copies the mod_wl.so file to the APACHE_HOME\libexec directory. It also adds two lines of instructions for weblogic_module to the httpd.conf file and activates the module. Make sure that the following lines were added to your APACHE_HOME/conf/httpd.conf file in your Apache 1.x server installation:
LoadModule weblogic_module libexec/mod_wl.so
AddModule mod_weblogic.c
For Apache 2.x, add the following line to your APACHE_HOME/conf/httpd.conf file manually:
LoadModule weblogic_module modules/mod_wl_20.so
For Apache 1.x, APACHE_HOME\bin\apachect1 configtest
For Apache 2.x, APACHE_HOME\bin\Apache -t
The output of this command indicates any errors in your httpd.conf file.
http://myApacheserver.com/weblogic/
Installing the Apache HTTP Server Plug-In as a Statically Linked Module
To install the Apache HTTP Server Plug-In as a statically linked module:
Each library file is distributed as a separate version, depending on the platform and the encryption strength for SSL (regular or 128-bit—128-bit versions are only installed if you install the 128-bit version of WebLogic Server). The library files are located in the following directories of your WebLogic Server installation:
tar -xvf apache_1.3.x.tar
configure --activate-module=src\modules\weblogic\libweblogic.a
configure--activate-module=
src\modules\weblogic\libweblogic128.a
make
make install
Configuring the Apache HTTP Server Plug-In
After you install the plug-in in the Apache HTTP server, edit the httpd.conf file to configure the Apache plug-in. Editing the httpd.conf file informs the Apache Web server that it should load the native library for the plug-in as an Apache module and also describes which requests should be handled by the module.
Edit the httpd.conf file in your Apache HTTP server installation to configure the Apache HTTP Server Plug-In:
LoadModule weblogic_module libexec\mod_wl.so
AddModule mod_weblogic.c
LoadModule weblogic_module modules\mod_wl_20.so
For example, the following IfModule block for a non-clustered WebLogic Server specifies that all files with MIME type .jsp are proxied:
<IfModule mod_weblogic.c>
WebLogicHost myweblogic.server.com
WebLogicPort 7001
MatchExpression *.jsp
</IfModule>
You can also use multiple MatchExpressions, for example:
<IfModule mod_weblogic.c>
WebLogicHost myweblogic.server.com
WebLogicPort 7001
MatchExpression *.jsp
MatchExpression *.xyz
</IfModule>
If you are proxying requests by MIME type to a cluster of WebLogic Servers, use the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort parameters. For example:
<IfModule mod_weblogic.c>
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
MatchExpression *.jsp
MatchExpression *.xyz
</IfModule>
<Location /weblogic>
SetHandler weblogic-handler
</Location>
The Apache HTTP Server Plug-In recognizes the parameters listed in General Parameters for Web Server Plug-Ins. To modify the behavior of your Apache HTTP Server Plug-In, define these parameters either:
Alternative Procedure for Editing the httpd.conf File
<IfModule mod_weblogic.c>
# Config file for WebLogic Server that defines the parameters
Include conf/weblogic.conf
</IfModule>
Note: Defining parameters in an included file is not supported when using SSL between Apache HTTP Server Plug-In and WebLogic Server.
PARAM_1 value1
PARAM_2 value2
PARAM_3 value3
Template for the Apache HTTP Server httpd.conf File
This section contains a sample httpd.conf file. You can use this sample as a template that you can modify to suit your environment and server. Lines beginning with # are comments. Note that Apache HTTP Server is not case sensitive, and that the LoadModule and AddModule lines are automatically added by the apxs utility.
####################################################
APACHE-HOME/conf/httpd.conf file
####################################################
LoadModule weblogic_module libexec/mod_wl.so
AddModule mod_weblogic.c
<Location /weblogic>
SetHandler weblogic-handler
PathTrim /weblogic
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<Location /servletimages>
SetHandler weblogic-handler
PathTrim /something
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<IfModule mod_weblogic.c>
MatchExpression *.jsp
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
ErrorPage http://myerrorpage.mydomain.com
</IfModule>
Sample httpd.conf Configuration Files
Instead of defining parameters in the location block of your httpd.conf file, if you prefer, you can use a weblogic.conf file that is loaded by the IfModule in the httpd.conf file. The following examples may be used as templates that you can modify to suit your environment and server. Lines beginning with # are comments.
Example Using WebLogic Clusters
# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks. (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)
<IfModule mod_weblogic.c>
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
ErrorPage http://myerrorpage.mydomain.com
MatchExpression *.jsp
</IfModule>
####################################################
Example Using Multiple WebLogic Clusters
# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)
<IfModule mod_weblogic.c>
MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
http://www.xyz.com/error.html
</IfModule>
Example Without WebLogic Clusters
# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)
<IfModule mod_weblogic.c>
WebLogicHost myweblogic.server.com
WebLogicPort 7001
MatchExpression *.jsp
</IfModule>
Example Configuring IP-Based Virtual Hosting
NameVirtualHost 172.17.8.1
<VirtualHost goldengate.domain1.com>
WebLogicCluster tehama1:4736,tehama2:4736,tehama:4736
PathTrim /x1
ConnectTimeoutSecs 30
</VirtualHost>
<VirtualHost goldengate.domain2.com>
WeblogicCluster green1:4736,green2:4736,green3:4736
PathTrim /y1
ConnectTimeoutSecs 20
</VirtualHost>
Example Configuring Name-Based Virtual Hosting With a Single IP Address
<VirtualHost 162.99.55.208>
ServerName myserver.mydomain.com
<Location / >
SetHandler weblogic-handler
WebLogicCluster 162.99.55.71:7001,162.99.55.72:7001
Idempotent ON
Debug ON
DebugConfigInfo ON
</Location>
</VirtualHost>
<VirtualHost 162.99.55.208>
ServerName myserver.mydomain.com
<Location / >
SetHandler weblogic-handler
WebLogicHost russell
WebLogicPort 7001
Debug ON
DebugConfigInfo ON
</Location>
</VirtualHost>
Using SSL with the Apache Plug-In
You can use the Secure Sockets Layer (SSL) protocol to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server. The SSL protocol provides confidentiality and integrity to the data passed between the Apache HTTP Server Plug-In and WebLogic Server. In addition, the SSL protocol allows the plug-in to authenticate itself to WebLogic Server to ensure that information is passed to a trusted principal.
The Apache HTTP Server Plug-In does not use the transport protocol (http or https) specified in the HTTP request (usually by the browser) to determine whether or not the SSL protocol is used to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server.
Although two-way SSL can be used between the HTTP client and Apache HTTP server, note that one-way SSL is used between Apache HTTP Server and WebLogic Server.
Implementing two-way SSL between Apache and the HTTP Client:
request.getAttribute("javax.net.ssl.peer_certificates");
Configuring SSL Between the Apache HTTP Server Plug-In and WebLogic Server
To use the SSL protocol between Apache HTTP Server Plug-In and WebLogic Server:
Issues with SSL-Apache Configuration
Two known issues arise when you configure the Apache plug-in to use SSL:
The following configuration is incorrect:
<Location /weblogic>
SetHandler weblogic-handler
</Location>
<IfModule mod_weblogic.c>
WebLogicHost localhost
WebLogicPort 7001
PathTrim /weblogic
</IfModule>
The following configuration is the correct setup:
<Location /weblogic>
SetHandler weblogic-handler
PathTrim /weblogic
</Location>
<IfModule mod_weblogic.c>
MatchExpression *.jsp
Include weblogic.conf
</IfModule>
Connection Errors and Clustering Failover
When the Apache HTTP Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response. If the plug-in cannot connect or does not receive a response, the plug-in attempts to connect and send the request to other WebLogic Server instances in the cluster. If the connection fails or there is no response from any WebLogic Server in the cluster, an error message is sent.
Figure 2-1 demonstrates how the plug-in handles failover.
Possible Causes of Connection Failures
Failure of the WebLogic Server host to respond to a connection request could indicate possible problems with the host machine, networking problems, or other server failures.
Failure of all WebLogic Server instances to respond, could indicate that WebLogic Server is not running or is unavailable, a hung server, a database problem, or other application failure.
Failover with a Single, Non-Clustered WebLogic Server
If you are running only a single WebLogic Server instance the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. If the attempt fails, an HTTP 503 error message is returned. The plug-in continues trying to connect to that same WebLogic Server instance until ConnectTimeoutSecs is exceeded.
When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. This list is updated automatically with the HTTP response when a change in the cluster occurs.
Failover, Cookies, and HTTP Sessions
When a request contains a session information stored in a cookie, in the POST data, or by URL encoding, the session ID contains a reference to the specific server instance in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). A request containing a cookie attempts to connect to the primary server. If that attempt fails, the request is routed to the secondary server. If both the primary and secondary servers fail, the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. For more information, see Figure 2-1 Connection Failover.
Note: If the POST data is larger than 64K, the plug-in will not parse the POST data to obtain the session ID. Therefore, if you store the session ID in the POST data, the plug-in cannot route the request to the correct primary or secondary server, resulting in possible loss of session data.
Figure 2-1 Connection Failover
*The Maximum number of retries allowed in the red loop is equal to
ConnectTimeoutSecs ÷ ConnectRetrySecs.